CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

Fedora: Security Advisory for t-digest (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: t-digest-3.2-8.fc40

A new data structure for accurate on-line accumulation of rank-based statisti cs eg. quantiles and trimmed means. The t-digest algorithm is also very parallel friendly making it useful in map-reduce and parallel streaming applications...

The vulnerability of the map/reduce function implementation in the PouchBD database allows a hacker to execute arbitrary code.

The vulnerability of the map/reduce function implementation in the PouchBD database is related to deficiencies in code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code or system commands remotely...

GHSA-CGQV-X5CX-XVQH Arbitrary Code Injection in pouchdb

Affected versions of pouchdb do not properly sandbox the code execution engine which executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could uses this to run arbitrary code on the server. Recommendation Update to version 6.0.5 or...

CVE-2016-10546

An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands...